Avast WEBforum
Non-English Zone => Português => Topic started by: REDACTED on August 20, 2015, 07:58:23 PM
-
While visiting Miami and researching tours on the internet, my wife accidentally installed Ninja Loader, and now I cannot uninstall Ninja Loader from my PC; when I select uninstall, nothing happens.
I have already run Avast and Malwarebytes, which identified malicious files, but I cannot remove Ninja Loader.
Can someone help me?
-
I do not speak Portuguese, so if there is a problem, ask Jefferson Santiago to translate.
Please download Farbar Recovery Scan Tool (http://www.geekstogo.com/forum/files/file/435-frst-farbars-recovery-scan-tool/) and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.
(https://dl.dropboxusercontent.com/u/73555776/frst.JPG)
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.
-
I followed the process and generated the reports, but I cannot attach the .txt files. How do I do that?
-
Attach as per the screenshot
-
OK.
-
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open Notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
HKU\S-1-5-21-3232116556-672119108-2443747463-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
SearchScopes: HKLM -> DefaultScope value is missing
FF HKU\S-1-5-21-3232116556-672119108-2443747463-1000\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files (x86)\Ninja Loader\FireFox
FF Extension: NinjaLoader - C:\Program Files (x86)\Ninja Loader\FireFox [2015-08-14]
FF HKU\S-1-5-21-3232116556-672119108-2443747463-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files (x86)\Ninja Loader\FireFox
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
R2 NetTcpHandler; C:\Users\Jovem\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] ()
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-07-09] (Ninja Soft Inc.)
2015-08-18 09:10 - 2015-08-18 09:40 - 00000000 ____D C:\ProgramData\qIhACqT
2015-08-14 08:57 - 2015-08-14 08:59 - 00000000 ____D C:\Users\Jovem\AppData\Local\Ninja Loader
2015-08-14 08:57 - 2015-08-14 08:58 - 00000000 ____D C:\Program Files (x86)\Ninja Loader
2015-08-14 08:57 - 2015-08-14 08:57 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-08-21 07:49 - 2015-07-11 17:42 - 00000342 ____H C:\Windows\Tasks\YNFETQHEJITHMKWT.job
2015-08-20 11:48 - 2015-07-11 17:00 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\RunDir
2015-08-18 14:35 - 2015-05-19 17:15 - 00003150 _____ C:\Windows\System32\Tasks\{628F4596-038E-4AA3-950F-E05683E479F3}
2015-08-18 14:35 - 2015-05-08 07:59 - 00002980 _____ C:\Windows\System32\Tasks\{02ED785B-A075-4A26-BBB5-594A8ECC7EA6}
2015-08-18 14:35 - 2015-05-08 07:58 - 00002980 _____ C:\Windows\System32\Tasks\{CB805551-342F-4F27-A4C8-246B09410ADC}
2015-08-18 14:35 - 2015-05-08 07:58 - 00002980 _____ C:\Windows\System32\Tasks\{793FBDA8-1D48-427D-A17D-ECB08A007D9C}
2015-08-18 10:59 - 2015-07-11 17:11 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\4C4C4544-1436645488-5610-8054-C7C04F343432
2015-08-18 10:59 - 2015-07-11 17:01 - 00000000 ____D C:\Users\Jovem\AppData\Roaming\4C4C4544-1436644865-5610-8054-C7C04F343432
2015-08-18 10:50 - 2015-07-11 17:08 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-18 09:27 - 2015-07-11 17:42 - 00000000 ____D C:\ProgramData\Service8119
2015-04-19 09:20 - 2015-07-20 11:07 - 0000626 _____ () C:\Users\Jovem\AppData\Roaming\K5jArlWh4U7dQLUa8HokyxTUm
Task: {2A67190A-F302-48CC-96A0-2878F87C2BF7} - System32\Tasks\{02ED785B-A075-4A26-BBB5-594A8ECC7EA6} => C:\Users\Jovem\Downloads\interpolador Rinex\rinterpo.exe [1999-03-08] ()
Task: {84F7CE8E-D176-4C73-B75D-DF778EDEB91F} - System32\Tasks\YNFETQHEJITHMKWT => C:\ProgramData\Service8119\Service8119.exe <==== ATTENTION
Task: {8567324D-2E32-4247-A067-6A3771E7A442} - System32\Tasks\{CB805551-342F-4F27-A4C8-246B09410ADC} => C:\Users\Jovem\Downloads\interpolador Rinex\rinterpo.exe [1999-03-08] ()
Task: {8BDE9546-E393-4E5A-88DD-65A2B214FC45} - System32\Tasks\{628F4596-038E-4AA3-950F-E05683E479F3} => pcalua.exe -a "C:\Users\Jovem\Downloads\SPSO_3_50_Full (1).exe" -d C:\Users\Jovem\Downloads
Task: {9BA23F5A-2468-4BAD-ADAE-76B81318C481} - System32\Tasks\{793FBDA8-1D48-427D-A17D-ECB08A007D9C} => C:\Users\Jovem\Downloads\interpolador Rinex\rinterpo.exe [1999-03-08] ()
Task: {D2B6F651-331D-4813-AF44-0E5C31E99B63} - System32\Tasks\{CE72282F-634D-428B-A893-5DB99686608A} => pcalua.exe -a C:\ProgramData\BreakingNewsAlert\uninstall.exe -c /kb=y /ic=1
Task: C:\Windows\Tasks\YNFETQHEJITHMKWT.job => C:\ProgramData\Service8119\Service8119.exe <==== ATTENTION
C:\ProgramData\BreakingNewsAlert
C:\Users\Jovem\AppData\Local\Ninja Loader
C:\Users\Jovem\AppData\Roaming\NetService
C:\Program Files (x86)\Ninja Loader
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
-
OK, it is done!
The Ninja Loader is gone, but http://www.123rede.com/?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345 still appears when I start my Chrome browser.
-
Could you run a fresh FRST scan please as I did remove that... I need to see if it has returned
-
ok
-
Could you reset chrome please https://support.google.com/chrome/answer/3296214?hl=pt
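
An added example, not part of the original thread and not FRST's own code: a small Python triage that groups entries in the fixlist's line format by where they persist and lists every location in which a start-page host is set. The `triage` function, the category names and the regular expressions are this example's assumptions about that format; the sample lines are copied from the fixlist posted above.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the fixlist posted in this thread.
SAMPLE = r"""
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
FF Extension: NinjaLoader - C:\Program Files (x86)\Ninja Loader\FireFox [2015-08-14]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=mbtkv5&uid=WX91A94H6857_WDCWD5000LPVX-75V0TT0&tm=1439902345
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-07-09] (Ninja Soft Inc.)
Task: {84F7CE8E-D176-4C73-B75D-DF778EDEB91F} - System32\Tasks\YNFETQHEJITHMKWT => C:\ProgramData\Service8119\Service8119.exe <==== ATTENTION
CMD: ipconfig /flushdns
"""

# (category, pattern) pairs; first match wins. Category names are this example's own labels.
RULES = [
    ("browser_policy", re.compile(r"^(GroupPolicy:|CHR HK\w+\\SOFTWARE\\Policies)", re.I)),
    ("ie_homepage", re.compile(r"Internet Explorer\\Main,(Start Page|Default_Page_URL) = ", re.I)),
    ("browser_extension", re.compile(r"^FF (Extension:|HK)", re.I)),
    ("browser_launch_cmd", re.compile(r"^StartMenuInternet:")),
    ("service", re.compile(r"^[RSU]\d \S+;")),
    ("scheduled_task", re.compile(r"^Task:")),
]
# A trailing "host?query" or "host/path" value after "=" or after an .exe path.
URL_ARG = re.compile(r"(?:=|\.exe)\s+(?:https?://)?([\w.-]+\.[a-z]{2,})[/?]\S*$", re.I)

def triage(text):
    """Return ({category: [lines]}, {host: {categories}}) for FRST-style lines."""
    by_cat, hosts = defaultdict(list), defaultdict(set)
    for line in filter(None, map(str.strip, text.splitlines())):
        cat = next((name for name, rx in RULES if rx.search(line)), None)
        if cat is None:
            continue  # directives such as CMD:, Reg:, EmptyTemp: are actions, not entries
        by_cat[cat].append(line)
        m = URL_ARG.search(line)
        if m:
            hosts[m.group(1).lower()].add(cat)
    return dict(by_cat), dict(hosts)

if __name__ == "__main__":
    cats, hosts = triage(SAMPLE)
    for host, where in hosts.items():
        print(f"{host} is set in: {', '.join(sorted(where))}")
    for cat, lines in cats.items():
        print(f"{cat}: {len(lines)}")
```

On the sample, the same host shows up both as an Internet Explorer start page and as an argument on the Chrome launch command, which are separate locations from the Ninja Loader service, task and extension entries.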